Hi,
I would like to know if it's possible to have another user other than root with full webconfig administrative privileges. In ClearOS 5.1, there used to be a way to do this via System -> Settings -> Administrator. In ClearOS 6.3, that feature is gone.
I would like to know, how do I achieve this in ClearOS 6.3?
Thanks
Responses (18)
Accepted Answer
Nick Howitt wrote:
What do you use the box for?
To be honest, without setting up users I am not sure how you can give another user restricted access. Perhaps the ClearOS Administrators app will accept non-root users. Why not set up a test box to find out? Have you set up any classic Unix users at all or is the box currently root access only?
The main purpose for this COS is to be a gateway, providing fault tolerance and balancing for 2 Internet connections. Now, it's working with only one ISP, but the idea is to have 2 (again) in a near future.
I have to find some hours to try what you have suggested. It will be necessary to provide a basic user with a reboot tool because I'm an external supplier. If I'm not there and the one and only internet connection is down, besides some basic stuff that a user inside can try, I don't have a way to reboot it remotely. The only remaining option is to reset the host, thus resetting also both VMs hosted there.
Many thanks for your comments.
Accepted Answer
What do you use the box for?
To be honest, without setting up users I am not sure how you can give another user restricted access. Perhaps the ClearOS Administrators app will accept non-root users. Why not set up a test box to find out? Have you set up any classic Unix users at all or is the box currently root access only?
Accepted Answer
Nick Howitt wrote:
If you want users, in a small office and don't have or want an AD server, go for OpenLDAP. You must have one of the three in order to set up users in the ClearOS model. Keep clear of Samba Directory as it is giving issues and is only a Beta product. Windows Networking (Samba) is fine but serves a completely different purpose - mainly file serving (flexshares) but also a bit of authentication.
In a small office, if you install Windows Networking, consider if you want a Domain or just simple file serving. It defaults to domain but I use simple file serving at home. No one has to log onto their PCs. If you want people to log in, go down the domain route.
Also please go to Certificate Manager and initialise your server certificate.
Certificate done.
I have to confess that I'm a little "afraid" of installing OpenLDAP in this box. Moreover, because they don't need it. I just need to provide my client an easy way to reboot COS sometimes. Is there another way to allow a basic user to reboot it?
This is a virtualized COS. In the beginning, it was installed bare metal. One day, COS just stopped resolving DNS queries. I never knew why. So, after a whole day of reading this forum and tampering with the box, I decided to reinstall and virtualize it, because it was easier to restore to a previous state. I don't like to roll back the box to a previous snapshot, but sometimes this is the best solution.
Accepted Answer
If you want users, in a small office and don't have or want an AD server, go for OpenLDAP. You must have one of the three in order to set up users in the ClearOS model. Keep clear of Samba Directory as it is giving issues and is only a Beta product. Windows Networking (Samba) is fine but serves a completely different purpose - mainly file serving (flexshares) but also a bit of authentication.
In a small office, if you install Windows Networking, consider if you want a Domain or just simple file serving. It defaults to domain but I use simple file serving at home. No one has to log onto their PCs. If you want people to log in, go down the domain route.
Also please go to Certificate Manager and initialise your server certificate.
Accepted Answer
Thank you Nick.
I just didn't know that app. I've already installed it, but the menu option shows me a page asking me to install OpenLDAP, SAMBA or AD connector. Is this mandatory? This is a small office, they don't have AD nor any other directory. I installed SAMBA once, but some options didn't work anymore, showing a text like "Ooooops .... You need a stronger auth....." (or something like that).
What do you suggest as the better choice?
Accepted Answer
Hi.
This is an old post but my question is related.
I just need to give a user the ability to reboot the COS thru an option in dashboard (I consider this secure).
According to this procedure, the access_control file would have:
subadmin=/app/dashboard.
But, how do I add a new webconfig user? A system (OS) user would be ok?
Thanks.
Accepted Answer
Just a little technical note on why this is problematic in the 6.x architecture. With 6.x we implemented the best practice of group based rights across the board. We also adopted the paradigm that multiple servers should be able to exist on the same network. The problem that arises then is the separation of rights and the ability to make an administrator exist on one machine but not the other. We know HOW to address this but there is a fair amount of programming to make this happen.
As you can see from Ben's post, the framework for administration exists but we need to get the app built.
Accepted Answer
Upcoming task is to make sub-admins part of the LDAP d accounts in 6.
Until then, to give a user you have created sub-admin access:
Create the file:
/var/clearos/base/access_control/custom/access_control
With the format:
username = ... list of allowed urls ..
Example:
bob = /app/date, /app/content-filter
Here is a full list of apps as of today.
/app/reports, /app/multiwan, /app/accounts, /app/php, /app/software_updates, /app/base, /app/certificate_manager, /app/bandwidth_viewer, /app/devel, /app/marketplace, /app/print_server, /app/mail_notification, /app/web_proxy, /app/mail_archive, /app/network_visualiser, /app/port_forwarding, /app/wireless, /app/smtp_plugin, /app/system_database, /app/mail_antispam, /app/mail_antivirus, /app/print_server_plugin, /app/ntp, /app/ssh_server, /app/tiki_wiki, /app/account_import, /app/backuppc, /app/registration, /app/proxy_report, /app/edition, /app/mail_report, /app/imap_plugin, /app/imap, /app/mail_extension, /app/software_repository, /app/clearsync, /app/openvpn_plugin, /app/user_certificates, /app/suva, /app/user_certificates_plugin, /app/clearcenter, /app/log_viewer, /app/dashboard, /app/web_server, /app/mail, /app/mail_quarantine, /app/mail_routing, /app/mail_settings, /app/netatalk, /app/mobile_demo, /app/mail_filter, /app/dhcp, /app/egress_firewall, /app/nat_firewall, /app/content_filter, /app/groups, /app/flexshare, /app/mysql, /app/dmz, /app/antiphishing, /app/antivirus, /app/bandwidth, /app/configuration_backup, /app/contact_extension, /app/date, /app/disk_usage, /app/dns, /app/file_scan, /app/firewall, /app/firewall_custom, /app/ftp, /app/ftp_plugin, /app/graphical_console, /app/greylisting, /app/incoming_firewall, /app/intrusion_detection, /app/intrusion_prevention, /app/intrusion_protection_report, /app/kolab_directory_extension, /app/language, /app/ldap, /app/mode, /app/network, /app/openldap, /app/openldap_directory, /app/openvpn, /app/organization, /app/password_policies, /app/pbx, /app/pptpd, /app/pptpd_plugin, /app/process_viewer, /app/protocol_filter, /app/radius, /app/raid, /app/samba, /app/samba_extension, /app/samba_file_extension, /app/shell_extension, /app/simple_mode, /app/smtp, /app/storage, /app/system_applications, /app/system_services, /app/tasks, /app/user_profile, /app/users, /app/web_access_control, /app/web_proxy_plugin, /app/zarafa_extension, /app/verified_updates, /app/kaspersky_mail, /app/zarafa, /app/zarafa_community, /app/zarafa_professional, /app/zarafa_small_business, /app/antispam_updates, /app/remote_backup, /app/security_audit, /app/active_directory, /app/dynamic_vpn, /app/antimalware_updates, /app/content_filter_updates, /app/intrusion_protection_updates, /app/system_monitor, /app/clearbox300, /app/account_synchronization, /app/central_management, /app/clearcenter, /app/marketplace, /app/registration, /app/suva, /app/dynamic_dns, /app/google_apps, /app/kaspersky_file, /app/kaspersky_gateway
B
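An added example, not part of the original post and not ClearOS code: a small linter for the `username = url, url` format described above, which reports malformed lines, paths that are not in the posted app list (for instance a hyphen where the list has an underscore), and grants of broad apps. The function name, the `KNOWN_APPS` subset and the `SENSITIVE` set are assumptions made for this sketch.

```python
import difflib
import re

# Subset of the app list posted above; load the full list for real use.
KNOWN_APPS = {
    "/app/dashboard", "/app/date", "/app/content_filter", "/app/dns",
    "/app/dhcp", "/app/users", "/app/accounts", "/app/ssh_server",
    "/app/firewall_custom",
}
# Assumption (not from the page): apps that amount to broad control of the box.
SENSITIVE = {"/app/users", "/app/accounts", "/app/ssh_server", "/app/firewall_custom"}

ENTRY = re.compile(r"^([^=\s]+)\s*=\s*(.+)$")  # username = url, url, ...

def lint_access_control(text, known=KNOWN_APPS, sensitive=SENSITIVE):
    """Return (line_no, kind, value, hint) findings for an access_control file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            findings.append((no, "format", line, None))
            continue
        for url in (u.strip() for u in m.group(2).split(",")):
            if url not in known:
                # Suggest the closest known app path, if one is near enough.
                near = difflib.get_close_matches(url, sorted(known), n=1, cutoff=0.8)
                findings.append((no, "unknown-app", url, near[0] if near else None))
            elif url in sensitive:
                findings.append((no, "sensitive-app", url, None))
    return findings

# Constructed sample input, using the two entry styles that appear in the thread.
SAMPLE = """\
bob = /app/date, /app/content-filter
subadmin=/app/dashboard
carol = /app/users, /app/ssh_server
dave /app/date
"""

if __name__ == "__main__":
    for finding in lint_access_control(SAMPLE):
        print(finding)
```

Running it against a copy of `/var/clearos/base/access_control/custom/access_control` before deploying the file shows which entries grant more than intended or name an app path that is not in the list.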
Accepted Answer
Sorry I don't know
http://www.clearfoundation.com/docs/release_info/clearos_community_6.3.0/final_release_information
The Administrators app does not fit into the group-based policy engine in ClearOS 6. The underlying mechanism that existed in ClearOS 5 has been ported to version 6, but it requires command line configuration.